Positive Research Identifies Critical Security Flaws in Windows 8

24 September 2012

Positive Research, the research arm of Positive Technologies, has uncovered a number of key vulnerabilities in the latest Windows operating system just weeks before its scheduled launch. Experts from Positive Research have proactively shared their findings with Microsoft in order to help them correct the flaws in Windows 8 before it’s released in October.

Our research revealed that an incorrect configuration of the x86 version of Windows 8 could allow attackers to bypass the Intel SMEP security restrictions by using shortcomings in the security of the 32-bit versions of Windows 8 together with information about the address space of the OS. SMEP protects against dangerous kernel-level attacks; successful exploitation of such an attack would allow an attacker to gain full control over the user’s machine, bypassing any of the security within the operating system.

While SMEP support on the 64-bit version of Windows 8 was found to be more secure, it is still vulnerable to Return-Oriented Programming (ROP). Our analysis also uncovered the potential for attackers to bypass SMEP by exploiting drivers developed by third-party vendors, which do not use special non-executable pools for data storage and transfer.